[PATCH 2/2] mailbox: Error out early if the mbox driver has failed to submit the message

From: Evgenii Shatokhin
Date: Thu Sep 15 2022 - 12:51:33 EST

Next message: Sudip Mukherjee: "Re: [PATCH v2 1/3] mtd: spi-nor: issi: is25wp256: Init flash based on SFDP"
Previous message: Evgenii Shatokhin: "[PATCH 1/2] mailbox: Propagate errors from .send_data() callback to mbox_send_message()"
In reply to: Evgenii Shatokhin: "[PATCH 1/2] mailbox: Propagate errors from .send_data() callback to mbox_send_message()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

mbox_send_message() places the pointer to the message to the queue
(add_to_rbuf) then calls msg_submit(chan) to submit the first of the
queued messaged to the mailbox. Some of mailbox drivers can return
errors from their .send_data() callbacks, e.g., if the message is
invalid or there is something wrong with the mailbox device.

In this case:
* hrtimer is not started by msg_submit();
* the pointer to that message remains in the queue;
* if mbox_send_message() is called in blocking mode, it will needlessly
wait for tx_tout ms (or for an hour if tx_out is not set), then it will
call tx_tick(chan, -ETIME).

tx_tick() will then try to submit the first message in the queue - the
same message as before. The underlying driver might reject it again.

The problematic message could then remain in the queue forever, which would
prevent the system from sending other, maybe unrelated messages via the
same mailbox channel. Moreover, the caller would be unable to free or reuse
the message structure.

Let us remove the message from the queue and error out from
mbox_send_message() early if sending of the message fails.

As for tx_tick() - not sure, if chan->cl->tx_done() should still be
called if msg_submit(chan) reports an error. For now, tx_tick() will
exit early too.

Signed-off-by: Evgenii Shatokhin <e.shatokhin@xxxxxxxxx>
---
drivers/mailbox/mailbox.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c
index 04db5ef58f93..32d9ba05427e 100644
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -82,10 +82,9 @@ static int msg_submit(struct mbox_chan *chan)
chan->cl->tx_prepare(chan->cl, data);
/* Try to submit a message to the MBOX controller */
err = chan->mbox->ops->send_data(chan, data);
- if (!err) {
+ chan->msg_count--;
+ if (!err)
chan->active_req = data;
- chan->msg_count--;
- }
exit:
spin_unlock_irqrestore(&chan->lock, flags);

@@ -102,6 +101,7 @@ static void tx_tick(struct mbox_chan *chan, int r)
{
unsigned long flags;
void *mssg;
+ int err;

spin_lock_irqsave(&chan->lock, flags);
mssg = chan->active_req;
@@ -109,9 +109,8 @@ static void tx_tick(struct mbox_chan *chan, int r)
spin_unlock_irqrestore(&chan->lock, flags);

/* Submit next message */
- msg_submit(chan);
-
- if (!mssg)
+ err = msg_submit(chan);
+ if (!mssg || err)
return;

/* Notify the client */
@@ -276,6 +275,8 @@ int mbox_send_message(struct mbox_chan *chan, void *mssg)
}

err = msg_submit(chan);
+ if (err)
+ return err;

if (chan->cl->tx_block) {
unsigned long wait;
@@ -293,7 +294,7 @@ int mbox_send_message(struct mbox_chan *chan, void *mssg)
}
}

- return (err < 0) ? err : t;
+ return t;
}
EXPORT_SYMBOL_GPL(mbox_send_message);

--
2.34.1

Next message: Sudip Mukherjee: "Re: [PATCH v2 1/3] mtd: spi-nor: issi: is25wp256: Init flash based on SFDP"
Previous message: Evgenii Shatokhin: "[PATCH 1/2] mailbox: Propagate errors from .send_data() callback to mbox_send_message()"
In reply to: Evgenii Shatokhin: "[PATCH 1/2] mailbox: Propagate errors from .send_data() callback to mbox_send_message()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]